Chromium Code Reviews

Unified Diff: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h

Issue 2056183002: Implement the `require-sri-for` CSP directive (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: addressed comments Created 4 years, 6 months ago
Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
index befa79ce37f8840af11fcd2ca706b592bd98babc..1eb3d018c073d1fdd6adb61585ce0a06d9c60858 100644
--- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
+++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicy.h
@@ -105,6 +105,9 @@ public:
// https://mikewest.github.io/cors-rfc1918/#csp
static const char TreatAsPublicAddress[];
+ // https://w3c.github.io/webappsec-subresource-integrity/#require-sri-for
+ static const char RequireSRIFor[];
+
enum ReportingStatus {
SendReport,
SuppressReport
@@ -205,7 +208,9 @@ public:
bool allowScriptWithHash(const String& source, InlineType) const;
bool allowStyleWithHash(const String& source, InlineType) const;
- bool allowRequest(WebURLRequest::RequestContext, const KURL&, const String& nonce, RedirectStatus = RedirectStatus::NoRedirect, ReportingStatus = SendReport) const;
+ bool allowRequestWithoutIntegrity(WebURLRequest::RequestContext, const KURL&, RedirectStatus = RedirectStatus::NoRedirect, ReportingStatus = SendReport) const;
+
+ bool allowRequest(WebURLRequest::RequestContext, const KURL&, const String& nonce, const IntegrityMetadataSet&, RedirectStatus = RedirectStatus::NoRedirect, ReportingStatus = SendReport) const;
void usesScriptHashAlgorithms(uint8_t ContentSecurityPolicyHashAlgorithm);
void usesStyleHashAlgorithms(uint8_t ContentSecurityPolicyHashAlgorithm);
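Review bot: allowRequestWithoutIntegrity is declared with no comment saying how it differs from allowRequest, and the name can be read either as "run the checks other than integrity" or as "this request carries no integrity metadata". Enforcement of require-sri-for depends on callers choosing the right entry point, so please document at the declaration which checks each method performs and when the WithoutIntegrity variant is the correct call. Separately, the new const IntegrityMetadataSet& argument on allowRequest sits ahead of the defaulted RedirectStatus and ReportingStatus arguments and has no default of its own, so every existing call site must now pass a set explicitly; that is a sensible way to force each caller to be looked at, but it is worth saying so in the change description so reviewers know to check what each one passes.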
@@ -228,6 +233,7 @@ public:
void reportInvalidDirectiveValueCharacter(const String& directiveName, const String& value);
void reportInvalidPathCharacter(const String& directiveName, const String& value, const char);
void reportInvalidPluginTypes(const String&);
+ void reportInvalidRequireSRIForTokens(const String&);
void reportInvalidSandboxFlags(const String&);
void reportInvalidSourceExpression(const String& directiveName, const String& source);
void reportInvalidReflectedXSS(const String&);
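Review bot: reportInvalidRequireSRIForTokens(const String&) leaves its parameter unnamed, so the header does not say whether the string is the full directive value or only the tokens that were rejected. Naming the parameter, as reportInvalidDirectiveValueCharacter and reportInvalidPathCharacter do just above, would make clear what ends up in the console message. The placement between reportInvalidPluginTypes and reportInvalidSandboxFlags keeps the list in order.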
